From 36c0b61c598e34c572283c7d76d42cf8e81cd126 Mon Sep 17 00:00:00 2001 From: Ivan Grynenko Date: Wed, 6 Jul 2016 20:47:29 +1000 Subject: [PATCH] Squashed 'roles/ansible-role-apache/' content from commit 6d623d0 git-subtree-dir: roles/ansible-role-apache git-subtree-split: 6d623d00c47168832b3d881bfe8514ac81e88c9a --- .travis.yml | 54 +++++++++++++++ README.md | 124 ++++++++++++++++++++++++++++++++++ defaults/main.yml | 44 ++++++++++++ handlers/main.yml | 5 ++ meta/main.yml | 31 +++++++++ tasks/configure-Debian.yml | 54 +++++++++++++++ tasks/configure-RedHat.yml | 24 +++++++ tasks/configure-Solaris.yml | 19 ++++++ tasks/configure-Suse.yml | 24 +++++++ tasks/main.yml | 58 ++++++++++++++++ tasks/setup-Debian.yml | 7 ++ tasks/setup-RedHat.yml | 7 ++ tasks/setup-Solaris.yml | 6 ++ tasks/setup-Suse.yml | 6 ++ templates/vhosts.conf.j2 | 82 ++++++++++++++++++++++ tests/Dockerfile.centos-6 | 15 ++++ tests/Dockerfile.centos-7 | 27 ++++++++ tests/Dockerfile.ubuntu-12.04 | 11 +++ tests/Dockerfile.ubuntu-14.04 | 11 +++ tests/test.yml | 13 ++++ vars/Debian.yml | 14 ++++ vars/RedHat.yml | 20 ++++++ vars/Solaris.yml | 19 ++++++ vars/Suse.yml | 18 +++++ vars/apache-22.yml | 12 ++++ vars/apache-24.yml | 8 +++ 26 files changed, 713 insertions(+) create mode 100644 .travis.yml create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/configure-Debian.yml create mode 100644 tasks/configure-RedHat.yml create mode 100644 tasks/configure-Solaris.yml create mode 100644 tasks/configure-Suse.yml create mode 100644 tasks/main.yml create mode 100644 tasks/setup-Debian.yml create mode 100644 tasks/setup-RedHat.yml create mode 100644 tasks/setup-Solaris.yml create mode 100644 tasks/setup-Suse.yml create mode 100644 templates/vhosts.conf.j2 create mode 100644 tests/Dockerfile.centos-6 create mode 100644 tests/Dockerfile.centos-7 create mode 100644 tests/Dockerfile.ubuntu-12.04 create mode 100644 tests/Dockerfile.ubuntu-14.04 create mode 100644 tests/test.yml create mode 100644 vars/Debian.yml create mode 100644 vars/RedHat.yml create mode 100644 vars/Solaris.yml create mode 100644 vars/Suse.yml create mode 100644 vars/apache-22.yml create mode 100644 vars/apache-24.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..163e4c3 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,54 @@ +--- +sudo: required + +env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/README.md b/README.md new file mode 100644 index 0000000..100614d --- /dev/null +++ b/README.md @@ -0,0 +1,124 @@ +# Ansible Role: Apache 2.x + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache) + +An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris. + +## Requirements + +If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`. + +If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + apache_enablerepo: "" + +The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). + + apache_listen_ip: "*" + apache_listen_port: 80 + apache_listen_port_ssl: 443 + +The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. + + apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" + +If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. + + apache_remove_default_vhost: false + +On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file. + + apache_global_vhost_settings: | + DirectoryIndex index.php index.html + # Add other global settings on subsequent lines. + +You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration. + + apache_vhosts: + # Additional optional properties: 'serveradmin, serveralias, extra_parameters'. + - servername: "local.dev" + documentroot: "/var/www/html" + +Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here). + +Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site: + + - servername: "www.local.dev" + serveralias: "local.dev" + documentroot: "/var/www/html" + extra_parameters: | + RewriteCond %{HTTP_HOST} !^www\. [NC] + RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] + +The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output. + + apache_vhosts_ssl: [] + +No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example: + + apache_vhosts_ssl: + - { + servername: "local.dev", + documentroot: "/var/www/html", + certificate_file: "/home/vagrant/example.crt", + certificate_key_file: "/home/vagrant/example.key", + certificate_chain_file: "/path/to/certificate_chain.crt" + } + +Other SSL directives can be managed with other SSL-related role variables. + + apache_ssl_protocol: "All -SSLv2 -SSLv3" + apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" + +The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings. + + apache_mods_enabled: + - rewrite.load + - ssl.load + apache_mods_disabled: [] + +(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. + + apache_packages: + - [platform-specific] + +The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values). + + apache_state: started + +Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. + + apache_ignore_missing_ssl_certificate: true + +If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates). + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.apache } + +*Inside `vars/main.yml`*: + + apache_listen_port: 8080 + apache_vhosts: + - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"} + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..4acdfce --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,44 @@ +--- +apache_enablerepo: "" + +apache_listen_ip: "*" +apache_listen_port: 80 +apache_listen_port_ssl: 443 + +apache_create_vhosts: true +apache_vhosts_filename: "vhosts.conf" + +# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. +# Set this to `true` to remove that default. +apache_remove_default_vhost: false + +apache_global_vhost_settings: | + DirectoryIndex index.php index.html + +apache_vhosts: + # Additional properties: 'serveradmin, serveralias, extra_parameters'. + - servername: "local.dev" + documentroot: "/var/www/html" + +apache_vhosts_ssl: [] + # Additional properties: 'serveradmin, extra_parameters'. + # - servername: "local.dev", + # documentroot: "/var/www/html", + # certificate_file: "/path/to/certificate.crt", + # certificate_key_file: "/path/to/certificate.key", + # # Optional. + # certificate_chain_file: "/path/to/certificate_chain.crt" + +apache_ignore_missing_ssl_certificate: true + +apache_ssl_protocol: "All -SSLv2 -SSLv3" +apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" + +# Only used on Debian/Ubuntu. +apache_mods_enabled: + - rewrite.load + - ssl.load +apache_mods_disabled: [] + +# Set initial apache state. Recommended values: `started` or `stopped` +apache_state: started diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..25d14ec --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart apache + service: + name: "{{ apache_service }}" + state: restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..12200db --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,31 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris/Suse. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - precise + - raring + - saucy + - trusty + - xenial + - name: Suse + versions: + - all + - name: Solaris + versions: + - 11.3 + galaxy_tags: + - web diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml new file mode 100644 index 0000000..94b9b23 --- /dev/null +++ b/tasks/configure-Debian.yml @@ -0,0 +1,54 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/ports.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Enable Apache mods. + file: + src: "{{ apache_server_root }}/mods-available/{{ item }}" + dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: link + with_items: "{{ apache_mods_enabled }}" + notify: restart apache + +- name: Disable Apache mods. + file: + path: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: absent + with_items: "{{ apache_mods_disabled }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: "path={{ item.certificate_file }}" + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts + +- name: Add vhost symlink in sites-enabled. + file: + src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" + dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" + state: link + notify: restart apache + when: apache_create_vhosts + +- name: Remove default vhost in sites-enabled. + file: + path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}" + state: absent + notify: restart apache + when: apache_remove_default_vhost diff --git a/tasks/configure-RedHat.yml b/tasks/configure-RedHat.yml new file mode 100644 index 0000000..0c3a01f --- /dev/null +++ b/tasks/configure-RedHat.yml @@ -0,0 +1,24 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/tasks/configure-Solaris.yml b/tasks/configure-Solaris.yml new file mode 100644 index 0000000..a95654b --- /dev/null +++ b/tasks/configure-Solaris.yml @@ -0,0 +1,19 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/tasks/configure-Suse.yml b/tasks/configure-Suse.yml new file mode 100644 index 0000000..16d89f8 --- /dev/null +++ b/tasks/configure-Suse.yml @@ -0,0 +1,24 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/listen.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..0715fc2 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,58 @@ +--- +# Include variables and define needed variables. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define apache_packages. + set_fact: + apache_packages: "{{ __apache_packages | list }}" + when: apache_packages is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Suse.yml + when: ansible_os_family == 'Suse' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- include: setup-Solaris.yml + when: ansible_os_family == 'Solaris' + +# Figure out what version of Apache is installed. +- name: Get installed version of Apache. + shell: "{{ apache_daemon_path }}{{ apache_daemon }} -v" + changed_when: false + always_run: yes + register: _apache_version + +- name: Create apache_version variable. + set_fact: + apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}" + +- include_vars: apache-22.yml + when: "apache_version.split('.')[1] == '2'" + +- include_vars: apache-24.yml + when: "apache_version.split('.')[1] == '4'" + +# Configure Apache. +- include: configure-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: configure-Suse.yml + when: ansible_os_family == 'Suse' + +- include: configure-Debian.yml + when: ansible_os_family == 'Debian' + +- include: configure-Solaris.yml + when: ansible_os_family == 'Solaris' + +- name: Ensure Apache has selected state and enabled on boot. + service: + name: "{{ apache_service }}" + state: "{{ apache_state }}" + enabled: yes diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml new file mode 100644 index 0000000..8d72deb --- /dev/null +++ b/tasks/setup-Debian.yml @@ -0,0 +1,7 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Ensure Apache is installed on Debian. + apt: "name={{ item }} state=installed" + with_items: "{{ apache_packages }}" diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml new file mode 100644 index 0000000..f4a838f --- /dev/null +++ b/tasks/setup-RedHat.yml @@ -0,0 +1,7 @@ +--- +- name: Ensure Apache is installed on RHEL. + yum: + name: "{{ item }}" + state: installed + enablerepo: "{{ apache_enablerepo }}" + with_items: "{{ apache_packages }}" diff --git a/tasks/setup-Solaris.yml b/tasks/setup-Solaris.yml new file mode 100644 index 0000000..989e32e --- /dev/null +++ b/tasks/setup-Solaris.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure Apache is installed on Solaris. + pkg5: + name: "{{ item }}" + state: installed + with_items: "{{ apache_packages }}" diff --git a/tasks/setup-Suse.yml b/tasks/setup-Suse.yml new file mode 100644 index 0000000..80c65ca --- /dev/null +++ b/tasks/setup-Suse.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure Apache is installed on Suse. + zypper: + name: "{{ item }}" + state: installed + with_items: "{{ apache_packages }}" diff --git a/templates/vhosts.conf.j2 b/templates/vhosts.conf.j2 new file mode 100644 index 0000000..766554f --- /dev/null +++ b/templates/vhosts.conf.j2 @@ -0,0 +1,82 @@ +{{ apache_global_vhost_settings }} + +{# Set up VirtualHosts #} +{% for vhost in apache_vhosts %} + + ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} +{% if vhost.documentroot is defined %} + DocumentRoot {{ vhost.documentroot }} +{% endif %} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} +{% if vhost.documentroot is defined %} + + AllowOverride All + Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + +{% endif %} +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endfor %} + +{# Set up SSL VirtualHosts #} +{% for vhost in apache_vhosts_ssl %} +{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} + + ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} +{% if vhost.documentroot is defined %} + DocumentRoot {{ vhost.documentroot }} +{% endif %} + + SSLEngine on + SSLCipherSuite {{ apache_ssl_cipher_suite }} + SSLProtocol {{ apache_ssl_protocol }} + SSLHonorCipherOrder On +{% if apache_vhosts_version == "2.4" %} + SSLCompression off +{% endif %} + SSLCertificateFile {{ vhost.certificate_file }} + SSLCertificateKeyFile {{ vhost.certificate_key_file }} +{% if vhost.certificate_chain_file is defined %} + SSLCertificateChainFile {{ vhost.certificate_chain_file }} +{% endif %} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} +{% if vhost.documentroot is defined %} + + AllowOverride All + Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + +{% endif %} +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endif %} +{% endfor %} diff --git a/tests/Dockerfile.centos-6 b/tests/Dockerfile.centos-6 new file mode 100644 index 0000000..4a4e7b8 --- /dev/null +++ b/tests/Dockerfile.centos-6 @@ -0,0 +1,15 @@ +FROM centos:6 + +# Install Ansible +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.centos-7 b/tests/Dockerfile.centos-7 new file mode 100644 index 0000000..8aa0654 --- /dev/null +++ b/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.ubuntu-12.04 b/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 0000000..d0c130c --- /dev/null +++ b/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/tests/Dockerfile.ubuntu-14.04 b/tests/Dockerfile.ubuntu-14.04 new file mode 100644 index 0000000..ca33287 --- /dev/null +++ b/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..f5c5ca6 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,13 @@ +--- +- hosts: all + + vars: + apache_listen_port_ssl: 443 + apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" + apache_vhosts: + - servername: "example.com" + documentroot: "/var/www/vhosts/example_com" + + roles: + - role_under_test diff --git a/vars/Debian.yml b/vars/Debian.yml new file mode 100644 index 0000000..7ff09c5 --- /dev/null +++ b/vars/Debian.yml @@ -0,0 +1,14 @@ +--- +apache_service: apache2 +apache_daemon: apache2 +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2 + +__apache_packages: + - apache2 + - apache2-utils + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" diff --git a/vars/RedHat.yml b/vars/RedHat.yml new file mode 100644 index 0000000..d79fa5a --- /dev/null +++ b/vars/RedHat.yml @@ -0,0 +1,20 @@ +--- +apache_service: httpd +apache_daemon: httpd +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/httpd +apache_conf_path: /etc/httpd/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - httpd + - httpd-devel + - mod_ssl + - openssh + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/Solaris.yml b/vars/Solaris.yml new file mode 100644 index 0000000..576291e --- /dev/null +++ b/vars/Solaris.yml @@ -0,0 +1,19 @@ +--- +apache_service: apache24 +apache_daemon: httpd +apache_daemon_path: /usr/apache2/2.4/bin/ +apache_server_root: /etc/apache2/2.4/ +apache_conf_path: /etc/apache2/2.4/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - web/server/apache-24 + - web/server/apache-24/module/apache-ssl + - web/server/apache-24/module/apache-security + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/Suse.yml b/vars/Suse.yml new file mode 100644 index 0000000..27703f3 --- /dev/null +++ b/vars/Suse.yml @@ -0,0 +1,18 @@ +--- +apache_service: apache2 +apache_daemon: httpd2 +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - apache2 + - openssh + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/apache-22.yml b/vars/apache-22.yml new file mode 100644 index 0000000..c932f93 --- /dev/null +++ b/vars/apache-22.yml @@ -0,0 +1,12 @@ +--- +apache_vhosts_version: "2.2" +apache_default_vhost_filename: 000-default +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } + - { + regexp: "^#?NameVirtualHost ", + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" + } diff --git a/vars/apache-24.yml b/vars/apache-24.yml new file mode 100644 index 0000000..449a444 --- /dev/null +++ b/vars/apache-24.yml @@ -0,0 +1,8 @@ +--- +apache_vhosts_version: "2.4" +apache_default_vhost_filename: 000-default.conf +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + }